You can clone with
HTTPS or Subversion.
Something like a 'readonlyrequirepass' configuration directive
So some client can only have read access to data but can't modify them. It will improve security
And as slaves should only read data from master, not write data, the masterauth can be compared to master readonlyrequirepass if there's one or requirepass if not.
Hi, this is unlikely to get implemented in the form of an ACL as you propose, but we could have "read only slaves" in the future. Closing for now since the title and description of this issue is mainly about read-only access using a password. Thanks for contributing ideas.